Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: [Full-Disclosure] new phpBB worm affects 2.0.11
.

  • Subject: Re: [Full-Disclosure] new phpBB worm affects 2.0.11
  • From: ^^MAg^^ <[EMAIL PROTECTED]>
  • Date: Sat, 25 Dec 2004 16:27:55 +0100
  • Cc: [EMAIL PROTECTED]
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=ZLyaBXv11hO8KGof7+iE5VFX/JPCiV4CG2Tg/vwz63YsoDq2+Ezin405M4/UnIiaCHF8TSJOVm3KwkNTdtqb39uMqCNl2Ekfwzd8/thqHy3Dyu0JgwPZ/TnjJ+54I1qvuHPkGmLnBJbYix6LSG+2+0FiCk0dvEeW1Y6jeyaQAOU=
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
  • Reply-to: ^^MAg^^ <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 
On Fri, 24 Dec 2004 17:06:30 -0500, Herman Sheremetyev
<[EMAIL PROTECTED]> wrote:
> My patched phpBB 2.0.11 running on FreeBSD 4.10 was exploited by a new
> variation of the worm this morning.  I'm attaching the 2 perl scripts it
> installs, one is an irc bot the other the worm itself.

Are you sure it's because bug in 2.0.11 ? I see there only old hilight bug

> -Herman

heh, this is soo lame

> my @adms=("ssh");                              # Nick do administrador                        #
16:22:31 [ Whois ssh ([EMAIL PROTECTED]) ]
16:22:31 :    Ircname : Se fu ???? e dai ??
16:22:31 :     Domain : "Brazil"
16:22:31 :   Channels : #staff #ssh
16:22:31 :     Server : hub3.ssh.net [SSHWorms R0xNet Server]
16:22:31 --- End of Whois ---

the person with this nick can controll all of this

> my @canais=("#ssh echo");                         # Caso haja senha ("#canal :senha")            #
> $servidor='ssh.gigachat.net' unless $servidor;  # Servidor de irc que vai ser usado            #

/server ssh.gigachat.net
/join #ssh echo
everyone's invited ;)
( also #fuck_this_worm )


greets goes to prophecy who found it at the same time :)
-- 
Greetings
^^MAg^^                                         mailto:/jid: [EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.